Category: FILE
Started On: 2016-11-03 00:38:02.639812
Completed On: 2016-11-03 00:40:21.152172
Duration: 138 seconds
Cuckoo Version: 2.0-dev

Machine: win-xp-sp3
Label: win-xp-sp3
Manager: VirtualBox
Started On: 2016-11-03 00:38:02
Shutdown On: 2016-11-03 00:40:20

File Details

File name 100621.pdf
File size 969411 bytes
File type PDF document, version 1.7
CRC32 C81A14A1
MD5 e3f5ef4fa17b4e08388ae4b0e2373728
SHA1 c201fc4252c97aabad9e13e8c4e064708cce150f
SHA256 5e77d181d45156a17423a7a9d8be59635c3425003a35957f3ccf973bf4a1240b
SHA512 65142c9d1ed5e76e4f38453bfc49c8211b1c9ca182436e7eb42a766fb2e69f1b60b9c97e3393cedf843884f7c9595d9266678a2b4589074e07edd997a69aaf14
Ssdeep 12288:ajvrEOfzscDUseU1CWCD/LdDB1LbWDFhg1hfqXT0IakRo6AX0WP1HZ81DKvm9PeY:ajDdfwc3eVD1/MDICgEAEWhLm92nvm
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2016-10-27 07:25:20
VirusTotal Detection Rate: 39/55

Signatures

No signatures matched

Screenshots

Static Analysis

Strings

Dropped Files

40abf3f5ddc9124c_a9r8152.tmp

219b5f11b968ba89_a9r8153.tmp

b7e552327cfe8c8a_d3d9caps.dat

d90f507188198a72_adobearm.log

a479dd2807cb9817_ArmUI.ini

2a2e0ba33d793244_usercache.bin

cd45143589eed4aa_acecache10.lst

60927ce9b1e6e4bc_shareddataevents

Network Analysis

Nothing to display.

Behavior Summary

File-Read
  • C:\Documents and Settings\ardi\Local Settings\Temp\ArmUI.ini
  • \\?\PIPE\lsarpc
File-Written
  • C:\Documents and Settings\ardi\Local Settings\Temp\ArmUI.ini
  • \\?\pipe\32B6B37A-4A7D-4e00-95F2-6F0BF3DE3E009524054672thsnYaVieBoda
  • C:\Documents and Settings\ardi\Local Settings\Temp\AdobeARM.log
  • \\?\PIPE\lsarpc
  • C:\WINDOWS\system32\d3d9caps.dat
  • C:\Documents and Settings\ardi\Local Settings\Temp\A9R8153.tmp
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin
  • C:\Documents and Settings\ardi\Local Settings\Temp\A9R8152.tmp
  • \\?\PIPE\lsarpc
  • C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Color\ACECache10.lst
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\SharedDataEvents
  • C:\WINDOWS\system32\d3d9caps.tmp
File-Deleted
  • C:\Documents and Settings\ardi\Local Settings\Temp\ArmUI.ini
File-Opened
  • C:\Documents and Settings\ardi\Local Settings\Temp\ArmUI.ini
  • \\?\pipe\32B6B37A-4A7D-4e00-95F2-6F0BF3DE3E009524054672thsnYaVieBoda
  • C:\Documents and Settings\ardi\Local Settings\Temp\AdobeARM.log
  • C:\
  • \\?\PIPE\lsarpc
  • C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\9.0\
  • C:\
  • C:\Documents and Settings\ardi\Application Data\
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf
  • C:\Documents and Settings\ardi\Application Data\Adobe\Flash Player\AssetCache\
  • C:\Program Files\Adobe\Reader 9.0\Resource\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\SendMail.api
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf
  • C:\WINDOWS\Web\wallpaper\Bliss.bmp
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB
  • C:\WINDOWS\system32\wininet.dll
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf
  • C:\WINDOWS\system32\urlmon.dll
  • C:\Program Files\Adobe\Reader 9.0\Resource\CMap\
  • C:\WINDOWS\system32\d3d9caps.tmp
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\
  • C:\Program Files\
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\Forms\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Search5.api
  • C:\Documents and Settings\ardi\Local Settings\Temp\100621.pdf
  • C:\Documents and Settings\ardi\Application Data\Adobe\Flash Player\
  • C:\WINDOWS\system32\VBoxDisp.dll
  • C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\9.0\Replicate\
  • C:\WINDOWS\system32\Macromed\Flash\
  • C:\WINDOWS\system32\wdmaud.drv
  • C:\WINDOWS\system32\spool\drivers\color\is330.icm
  • C:\Documents and Settings\ardi\Local Settings\Temp\A9R8152.tmp
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\PPKLite.api
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Updater.api
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Search.api
  • C:\WINDOWS\system32\rpcss.dll
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.sig
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\
  • C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll
  • C:\Documents and Settings\ardi\Local Settings\Temp\A9R8153.tmp
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api
  • C:\Program Files\Common Files\Adobe\
  • C:\Documents and Settings\ardi\Application Data\desktop.ini
  • C:\Program Files\Adobe\Reader 9.0\Reader\JavaScripts\
  • C:\Documents and Settings\ardi\Local Settings\Application Data\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Spelling.api
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\IA32.api
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\Collab\
  • C:\Program Files\Common Files\Adobe\ARM\1.0\
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\HLS.api
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api
  • C:\Documents and Settings\ardi\Local Settings\Temp\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\
  • C:\WINDOWS\system32
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\reflow.api
  • C:\Program Files\Adobe\Reader 9.0\Resource\CMap
  • C:\WINDOWS\system32\rsaenh.dll
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Multimedia.api
  • C:\WINDOWS\system32\spool\drivers\color\kodak_dc.icm
  • C:\Program Files\Common Files\
  • C:\Program Files\Adobe\Reader 9.0\Reader\JavaScripts\JSByteCodeWin.bin
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\DVA.api
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\SharedDataEvents
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf
  • C:\Documents and Settings\ardi\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\
  • C:\Documents and Settings\ardi\Local Settings\Temp
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font
  • C:\WINDOWS\system32\spool\drivers\color\sRGB Color Space Profile.icm
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\ReadOutLoud.api
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\DigSig.api
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins3d\
  • C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V
  • C:\WINDOWS\system32\spool\drivers\color\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\PDDom.api
  • \\?\PIPE\lsarpc
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\MakeAccessible.api
  • C:\WINDOWS\system32\d3d9caps.dat
  • C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\eBook.api
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\SaveAsRTF.api
  • C:\Documents and Settings\
  • C:\Documents and Settings\ardi\Application Data\Adobe\
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\EScript.api
  • C:\Documents and Settings\ardi\Local Settings\
  • C:\Program Files\Adobe\Reader 9.0\Reader\
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf
  • C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api
  • C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf
  • C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\weblink.api
Registry Key-Opened
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1645522239-1935655697-854245398-1003\Installer\UpgradeCodes\68AB67CA000000007716E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\68AB67CA7DA73301B7449A0500000010
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\PagedBuffers
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockdown
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdobeARM.exe\RpcThreadPoolThrottle
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1645522239-1935655697-854245398-1003\Installer\UpgradeCodes\68AB67CA000000007706E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\68AB67CA000000007716E7A854000000
  • HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\9.0\Language\current
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1645522239-1935655697-854245398-1003\Installer\Products\68AB67CA7DA73301B7449A0500000010
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes\66EDAE6A0000000084E4E7A854000000
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes\68AB67CA000000007716E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1645522239-1935655697-854245398-1003\Installer\UpgradeCodes\66EDAE6A0000000084E4E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\66EDAE6A0000000084E4E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B7449A0500000010\InstallProperties
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes\68AB67CA00000000ABE7E7A854000000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Adobe ARM\1.0\ARM
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1645522239-1935655697-854245398-1003\Installer\UpgradeCodes\68AB67CA00000000ABE7E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\68AB67CA000000007706E7A854000000
  • HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe ARM\1.0\ARM
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes\68AB67CA000000007706E7A854000000
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
  • HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\68AB67CA00000000ABE7E7A854000000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\Installer
  • HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA73301B7449A0500000010
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\AdobeViewer
Registry Key-Deleted
  • HKEY_CURRENT_USER\Software\Adobe\Adobe ARM\1.0\ARM\iNotify
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B7449A0500000010\InstallProperties\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\MaxRpcSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableLUAPatching
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
  • HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Language\current\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\Debug
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B7449A0500000010\Language
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableUserInstalls
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B7449A0500000010\AuthorizedLUAApp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B7449A0500000010\InstallProperties\VersionMajor
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B7449A0500000010\InstallProperties\DisplayVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\AdobeViewer\EULA
  • HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\9.0\Installer\Path
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B7449A0500000010\InstallProperties\VersionMinor
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsHistory
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetConnectDisconnect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisablePatch
  • HKEY_CURRENT_USER\Software\Adobe\Adobe ARM\1.0\ARM\tLastT_Reader
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\bUpdater

Processes

lsass.exe PID: 660, Parent PID: 536

AcroRd32.exe PID: 1852, Parent PID: 1804

AdobeARM.exe PID: 1368, Parent PID: 1852

Volatility

Nothing to display.